#include <vnet/vnet.h>
#include <vnet/ip/ip.h>
-#include <vnet/ethernet/ethernet.h> /* for ethernet_header_t */
-#include <vnet/ethernet/arp_packet.h> /* for ethernet_arp_header_t */
+/** for ethernet_header_t */
+#include <vnet/ethernet/ethernet.h>
+/** for ethernet_arp_header_t */
+#include <vnet/ethernet/arp_packet.h>
#include <vnet/ppp/ppp.h>
-#include <vnet/srp/srp.h> /* for srp_hw_interface_class */
-#include <vnet/api_errno.h> /* for API error numbers */
+/** for srp_hw_interface_class */
+#include <vnet/srp/srp.h>
+/** for API error numbers */
+#include <vnet/api_errno.h>
-/** \file
- vnet ip4 forwarding
+/** @file
+ vnet ip4 forwarding
*/
/* This is really, really simple but stupid fib. */
goto done;
}
}
-
+
/* Nothing matches in table. */
ai = lm->miss_adj_index;
return ai;
}
+/** @brief Create FIB from table ID and init all hashing.
+ @param im - @ref ip4_main_t
+ @param table_id - table ID
+ @return fib - @ref ip4_fib_t
+*/
static ip4_fib_t *
create_fib_with_table_id (ip4_main_t * im, u32 table_id)
{
vec_add2 (im->fibs, fib, 1);
fib->table_id = table_id;
fib->index = fib - im->fibs;
+ /* IP_FLOW_HASH_DEFAULT is net value of 5 tuple flags without "reverse" bit */
fib->flow_hash_config = IP_FLOW_HASH_DEFAULT;
fib->fwd_classify_table_index = ~0;
fib->rev_classify_table_index = ~0;
return fib;
}
+/** @brief Find existing or Create new FIB based on index
+ @param im @ref ip4_main_t
+ @param table_index_or_id - overloaded parameter referring
+ to the table or a table's index in the FIB vector
+ @param flags - used to check if table_index_or_id was a table or
+ an index (detected by @ref IP4_ROUTE_FLAG_FIB_INDEX)
+ @return either the existing or a new ip4_fib_t entry
+*/
ip4_fib_t *
-find_ip4_fib_by_table_index_or_id (ip4_main_t * im,
+find_ip4_fib_by_table_index_or_id (ip4_main_t * im,
u32 table_index_or_id, u32 flags)
{
uword * p, fib_index;
fib_index = table_index_or_id;
+ /* If this isn't a FIB_INDEX ... */
if (! (flags & IP4_ROUTE_FLAG_FIB_INDEX))
{
+ /* If passed ~0 then request the next table available */
if (table_index_or_id == ~0) {
table_index_or_id = 0;
while ((p = hash_get (im->fib_index_by_table_id, table_index_or_id))) {
table_index_or_id++;
}
- return create_fib_with_table_id (im, table_index_or_id);
+ /* Create the next table and return the ip4_fib_t associated with it */
+ return create_fib_with_table_id (im, table_index_or_id);
}
-
+ /* A specific table_id was requested.. */
p = hash_get (im->fib_index_by_table_id, table_index_or_id);
+ /* ... and if it doesn't exist create it else grab its index */
if (! p)
return create_fib_with_table_id (im, table_index_or_id);
fib_index = p[0];
}
+ /* Return the ip4_fib_t associated with this index */
return vec_elt_at_index (im->fibs, fib_index);
}
vnet_buffer (p0)->ip.adj_index[VLIB_TX] = adj_index0;
vnet_buffer (p1)->ip.adj_index[VLIB_TX] = adj_index1;
+ if (is_indirect)
+ {
+ /* ARP for next-hop not packet's destination address */
+ if (adj0->lookup_next_index == IP_LOOKUP_NEXT_ARP)
+ ip0->dst_address.as_u32 = dst_addr0->as_u32;
+ if (adj1->lookup_next_index == IP_LOOKUP_NEXT_ARP)
+ ip1->dst_address.as_u32 = dst_addr1->as_u32;
+ }
+
vlib_increment_combined_counter
(cm, cpu_index, adj_index0, 1,
vlib_buffer_length_in_chain (vm, p0)
vnet_buffer (p0)->ip.adj_index[VLIB_TX] = adj_index0;
+ if (is_indirect)
+ {
+ /* ARP for next-hop not packet's destination address */
+ if (adj0->lookup_next_index == IP_LOOKUP_NEXT_ARP)
+ ip0->dst_address.as_u32 = dst_addr0->as_u32;
+ }
+
vlib_increment_combined_counter
(cm, cpu_index, adj_index0, 1,
vlib_buffer_length_in_chain (vm, p0)
/* Built-in ip4 unicast rx feature path definition */
VNET_IP4_UNICAST_FEATURE_INIT (ip4_inacl, static) = {
.node_name = "ip4-inacl",
- .runs_before = {"ip4-source-check-via-rx", 0},
+ .runs_before = ORDER_CONSTRAINTS {"ip4-source-check-via-rx", 0},
.feature_index = &ip4_main.ip4_unicast_rx_feature_check_access,
};
VNET_IP4_UNICAST_FEATURE_INIT (ip4_source_check_1, static) = {
.node_name = "ip4-source-check-via-rx",
- .runs_before = {"ip4-source-check-via-any", 0},
+ .runs_before = ORDER_CONSTRAINTS {"ip4-source-check-via-any", 0},
.feature_index =
&ip4_main.ip4_unicast_rx_feature_source_reachable_via_rx,
};
VNET_IP4_UNICAST_FEATURE_INIT (ip4_source_check_2, static) = {
.node_name = "ip4-source-check-via-any",
- .runs_before = {"ip4-policer-classify", 0},
+ .runs_before = ORDER_CONSTRAINTS {"ip4-policer-classify", 0},
.feature_index =
&ip4_main.ip4_unicast_rx_feature_source_reachable_via_any,
};
+VNET_IP4_UNICAST_FEATURE_INIT (ip4_source_and_port_range_check_rx, static) = {
+ .node_name = "ip4-source-and-port-range-check-rx",
+ .runs_before = ORDER_CONSTRAINTS {"ip4-policer-classify", 0},
+ .feature_index =
+ &ip4_main.ip4_unicast_rx_feature_source_and_port_range_check,
+};
+
VNET_IP4_UNICAST_FEATURE_INIT (ip4_policer_classify, static) = {
.node_name = "ip4-policer-classify",
- .runs_before = {"ipsec-input-ip4", 0},
+ .runs_before = ORDER_CONSTRAINTS {"ipsec-input-ip4", 0},
.feature_index =
&ip4_main.ip4_unicast_rx_feature_policer_classify,
};
VNET_IP4_UNICAST_FEATURE_INIT (ip4_ipsec, static) = {
.node_name = "ipsec-input-ip4",
- .runs_before = {"vpath-input-ip4", 0},
+ .runs_before = ORDER_CONSTRAINTS {"vpath-input-ip4", 0},
.feature_index = &ip4_main.ip4_unicast_rx_feature_ipsec,
};
VNET_IP4_UNICAST_FEATURE_INIT (ip4_vpath, static) = {
.node_name = "vpath-input-ip4",
- .runs_before = {"ip4-lookup", 0},
+ .runs_before = ORDER_CONSTRAINTS {"ip4-lookup", 0},
.feature_index = &ip4_main.ip4_unicast_rx_feature_vpath,
};
VNET_IP4_UNICAST_FEATURE_INIT (ip4_lookup, static) = {
.node_name = "ip4-lookup",
- .runs_before = {0}, /* not before any other features */
+ .runs_before = 0, /* not before any other features */
.feature_index = &ip4_main.ip4_unicast_rx_feature_lookup,
};
/* Built-in ip4 multicast rx feature path definition */
VNET_IP4_MULTICAST_FEATURE_INIT (ip4_vpath_mc, static) = {
.node_name = "vpath-input-ip4",
- .runs_before = {"ip4-lookup-multicast", 0},
+ .runs_before = ORDER_CONSTRAINTS {"ip4-lookup-multicast", 0},
.feature_index = &ip4_main.ip4_multicast_rx_feature_vpath,
};
VNET_IP4_MULTICAST_FEATURE_INIT (ip4_lookup_mc, static) = {
.node_name = "ip4-lookup-multicast",
- .runs_before = {0}, /* not before any other features */
+ .runs_before = 0, /* not before any other features */
.feature_index = &ip4_main.ip4_multicast_rx_feature_lookup,
};
-static char * feature_start_nodes[] =
+static char * rx_feature_start_nodes[] =
{ "ip4-input", "ip4-input-no-checksum"};
+static char * tx_feature_start_nodes[] =
+{ "ip4-rewrite-transit"};
+
+/* Source and port-range check ip4 tx feature path definition */
+VNET_IP4_TX_FEATURE_INIT (ip4_source_and_port_range_check_tx, static) = {
+ .node_name = "ip4-source-and-port-range-check-tx",
+ .runs_before = ORDER_CONSTRAINTS {"interface-output", 0},
+ .feature_index =
+ &ip4_main.ip4_unicast_tx_feature_source_and_port_range_check,
+
+};
+
+/* Built-in ip4 tx feature path definition */
+VNET_IP4_TX_FEATURE_INIT (interface_output, static) = {
+ .node_name = "interface-output",
+ .runs_before = 0, /* not before any other features */
+ .feature_index = &ip4_main.ip4_tx_feature_interface_output,
+};
+
+
static clib_error_t *
ip4_feature_init (vlib_main_t * vm, ip4_main_t * im)
{
ip_lookup_main_t * lm = &im->lookup_main;
clib_error_t * error;
vnet_cast_t cast;
+ ip_config_main_t * cm;
+ vnet_config_main_t * vcm;
+ char **feature_start_nodes;
+ int feature_start_len;
- for (cast = 0; cast < VNET_N_CAST; cast++)
+ for (cast = 0; cast < VNET_N_IP_FEAT; cast++)
{
- ip_config_main_t * cm = &lm->rx_config_mains[cast];
- vnet_config_main_t * vcm = &cm->config_main;
+ cm = &lm->feature_config_mains[cast];
+ vcm = &cm->config_main;
+ if (cast < VNET_IP_TX_FEAT)
+ {
+ feature_start_nodes = rx_feature_start_nodes;
+ feature_start_len = ARRAY_LEN(rx_feature_start_nodes);
+ }
+ else
+ {
+ feature_start_nodes = tx_feature_start_nodes;
+ feature_start_len = ARRAY_LEN(tx_feature_start_nodes);
+ }
+
if ((error = ip_feature_init_cast (vm, cm, vcm,
feature_start_nodes,
- ARRAY_LEN(feature_start_nodes),
+ feature_start_len,
cast,
1 /* is_ip4 */)))
return error;
}
+
return 0;
}
u32 ci, cast;
u32 feature_index;
- for (cast = 0; cast < VNET_N_CAST; cast++)
+ for (cast = 0; cast < VNET_N_IP_FEAT; cast++)
{
- ip_config_main_t * cm = &lm->rx_config_mains[cast];
+ ip_config_main_t * cm = &lm->feature_config_mains[cast];
vnet_config_main_t * vcm = &cm->config_main;
vec_validate_init_empty (cm->config_index_by_sw_if_index, sw_if_index, ~0);
ci = cm->config_index_by_sw_if_index[sw_if_index];
- if (cast == VNET_UNICAST)
+ if (cast == VNET_IP_RX_UNICAST_FEAT)
feature_index = im->ip4_unicast_rx_feature_lookup;
- else
+ else if (cast == VNET_IP_RX_MULTICAST_FEAT)
feature_index = im->ip4_multicast_rx_feature_lookup;
+ else
+ feature_index = im->ip4_tx_feature_interface_output;
if (is_add)
- ci = vnet_config_add_feature (vm, vcm,
+ ci = vnet_config_add_feature (vm, vcm,
ci,
feature_index,
/* config data */ 0,
/* # bytes of config data */ 0);
cm->config_index_by_sw_if_index[sw_if_index] = ci;
+ /*
+ * note: do not update the tx feature count here.
+ */
}
return /* no error */ 0;
.next_nodes = IP4_LOOKUP_NEXT_NODES,
};
-VLIB_NODE_FUNCTION_MULTIARCH (ip4_lookup_node, ip4_lookup)
+VLIB_NODE_FUNCTION_MULTIARCH (ip4_lookup_node, ip4_lookup);
static uword
ip4_indirect (vlib_main_t * vm,
.n_next_nodes = 0,
};
-VLIB_NODE_FUNCTION_MULTIARCH (ip4_indirect_node, ip4_indirect)
+VLIB_NODE_FUNCTION_MULTIARCH (ip4_indirect_node, ip4_indirect);
/* Global IP4 main. */
},
};
-VLIB_NODE_FUNCTION_MULTIARCH (ip4_drop_node, ip4_drop)
+VLIB_NODE_FUNCTION_MULTIARCH (ip4_drop_node, ip4_drop);
VLIB_REGISTER_NODE (ip4_punt_node,static) = {
.function = ip4_punt,
},
};
-VLIB_NODE_FUNCTION_MULTIARCH (ip4_punt_node, ip4_punt)
+VLIB_NODE_FUNCTION_MULTIARCH (ip4_punt_node, ip4_punt);
VLIB_REGISTER_NODE (ip4_miss_node,static) = {
.function = ip4_miss,
},
};
-VLIB_NODE_FUNCTION_MULTIARCH (ip4_miss_node, ip4_miss)
+VLIB_NODE_FUNCTION_MULTIARCH (ip4_miss_node, ip4_miss);
/* Compute TCP/UDP/ICMP4 checksum in software. */
u16
},
};
-VLIB_NODE_FUNCTION_MULTIARCH (ip4_local_node, ip4_local)
+VLIB_NODE_FUNCTION_MULTIARCH (ip4_local_node, ip4_local);
void ip4_register_protocol (u32 protocol, u32 node_index)
{
u32 n_left_from, n_left_to_next, * to_next, next_index;
vlib_node_runtime_t * error_node = vlib_node_get_runtime (vm, ip4_input_node.index);
vlib_rx_or_tx_t adj_rx_tx = rewrite_for_locally_received_packets ? VLIB_RX : VLIB_TX;
+ ip_config_main_t * cm = &lm->feature_config_mains[VNET_IP_TX_FEAT];
n_left_from = frame->n_vectors;
next_index = node->cached_next_index;
u32 pi0, rw_len0, next0, error0, checksum0, adj_index0;
u32 pi1, rw_len1, next1, error1, checksum1, adj_index1;
u32 next0_override, next1_override;
+ u32 tx_sw_if_index0, tx_sw_if_index1;
if (rewrite_for_locally_received_packets)
next0_override = next1_override = 0;
/* Worth pipelining. No guarantee that adj0,1 are hot... */
rw_len0 = adj0[0].rewrite_header.data_bytes;
rw_len1 = adj1[0].rewrite_header.data_bytes;
+ vnet_buffer(p0)->ip.save_rewrite_length = rw_len0;
+ vnet_buffer(p1)->ip.save_rewrite_length = rw_len1;
/* Check MTU of outgoing interface. */
error0 = (vlib_buffer_length_in_chain (vm, p0) > adj0[0].rewrite_header.max_l3_packet_bytes
{
p0->current_data -= rw_len0;
p0->current_length += rw_len0;
- p0->error = error_node->errors[error0];
+ tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index;
vnet_buffer (p0)->sw_if_index[VLIB_TX] =
- adj0[0].rewrite_header.sw_if_index;
+ tx_sw_if_index0;
+
+ if (PREDICT_FALSE
+ (clib_bitmap_get (lm->tx_sw_if_has_ip_output_features,
+ tx_sw_if_index0)))
+ {
+ p0->current_config_index =
+ vec_elt (cm->config_index_by_sw_if_index,
+ tx_sw_if_index0);
+ vnet_get_config_data (&cm->config_main,
+ &p0->current_config_index,
+ &next0,
+ /* # bytes of config data */ 0);
+ }
}
if (PREDICT_TRUE(error1 == IP4_ERROR_NONE))
{
p1->current_data -= rw_len1;
p1->current_length += rw_len1;
- p1->error = error_node->errors[error1];
+
+ tx_sw_if_index1 = adj1[0].rewrite_header.sw_if_index;
vnet_buffer (p1)->sw_if_index[VLIB_TX] =
- adj1[0].rewrite_header.sw_if_index;
+ tx_sw_if_index1;
+
+ if (PREDICT_FALSE
+ (clib_bitmap_get (lm->tx_sw_if_has_ip_output_features,
+ tx_sw_if_index1)))
+ {
+ p1->current_config_index =
+ vec_elt (cm->config_index_by_sw_if_index,
+ tx_sw_if_index1);
+ vnet_get_config_data (&cm->config_main,
+ &p1->current_config_index,
+ &next1,
+ /* # bytes of config data */ 0);
+ }
}
/* Guess we are only writing on simple Ethernet header. */
ip4_header_t * ip0;
u32 pi0, rw_len0, adj_index0, next0, error0, checksum0;
u32 next0_override;
+ u32 tx_sw_if_index0;
if (rewrite_for_locally_received_packets)
next0_override = 0;
/* Update packet buffer attributes/set output interface. */
rw_len0 = adj0[0].rewrite_header.data_bytes;
+ vnet_buffer(p0)->ip.save_rewrite_length = rw_len0;
if (PREDICT_FALSE (rw_len0 > sizeof(ethernet_header_t)))
vlib_increment_combined_counter
{
p0->current_data -= rw_len0;
p0->current_length += rw_len0;
+ tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index;
- vnet_buffer (p0)->sw_if_index[VLIB_TX] =
- adj0[0].rewrite_header.sw_if_index;
+ vnet_buffer (p0)->sw_if_index[VLIB_TX] = tx_sw_if_index0;
next0 = adj0[0].rewrite_header.next_index;
+
+ if (PREDICT_FALSE
+ (clib_bitmap_get (lm->tx_sw_if_has_ip_output_features,
+ tx_sw_if_index0)))
+ {
+ p0->current_config_index =
+ vec_elt (cm->config_index_by_sw_if_index,
+ tx_sw_if_index0);
+ vnet_get_config_data (&cm->config_main,
+ &p0->current_config_index,
+ &next0,
+ /* # bytes of config data */ 0);
+ }
}
if (rewrite_for_locally_received_packets)
},
};
-VLIB_NODE_FUNCTION_MULTIARCH (ip4_rewrite_node, ip4_rewrite_transit)
+VLIB_NODE_FUNCTION_MULTIARCH (ip4_rewrite_node, ip4_rewrite_transit);
VLIB_REGISTER_NODE (ip4_rewrite_local_node) = {
.function = ip4_rewrite_local,
.n_next_nodes = 0,
};
-VLIB_NODE_FUNCTION_MULTIARCH (ip4_rewrite_local_node, ip4_rewrite_local)
+VLIB_NODE_FUNCTION_MULTIARCH (ip4_rewrite_local_node, ip4_rewrite_local);
static clib_error_t *
add_del_interface_table (vlib_main_t * vm,
return error;
}
+/*?
+ * Place the indicated interface into the supplied VRF
+ *
+ * @cliexpar
+ * @cliexstart{set interface ip table}
+ *
+ * vpp# set interface ip table GigabitEthernet2/0/0 2
+ *
+ * Interface addresses added after setting the interface IP table end up in the indicated VRF table.
+ * Predictable but potentially counter-intuitive results occur if you provision interface addresses in multiple FIBs.
+ * Upon RX, packets will be processed in the last IP table ID provisioned.
+ * It might be marginally useful to evade source RPF drops to put an interface address into multiple FIBs.
+ * @cliexend
+ ?*/
VLIB_CLI_COMMAND (set_interface_ip_table_command, static) = {
.path = "set interface ip table",
.function = add_del_interface_table,
.n_next_nodes = 0,
};
-VLIB_NODE_FUNCTION_MULTIARCH (ip4_lookup_multicast_node, ip4_lookup_multicast)
+VLIB_NODE_FUNCTION_MULTIARCH (ip4_lookup_multicast_node, ip4_lookup_multicast);
VLIB_REGISTER_NODE (ip4_multicast_node,static) = {
.function = ip4_drop,
.function = set_ip_classify_command_fn,
};
+
+#define TEST_CODE 1
+#if TEST_CODE > 0
+
+static clib_error_t *
+set_interface_output_feature_command_fn (vlib_main_t * vm,
+ unformat_input_t * input,
+ vlib_cli_command_t * cmd)
+{
+ vnet_main_t * vnm = vnet_get_main();
+ u32 sw_if_index = ~0;
+ int is_add = 1;
+ ip4_main_t * im = &ip4_main;
+ ip_lookup_main_t * lm = &im->lookup_main;
+
+ while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (input, "%U", unformat_vnet_sw_interface, vnm, &sw_if_index))
+ ;
+ else if (unformat (input, "del"))
+ is_add = 0;
+ else
+ break;
+ }
+
+ if (sw_if_index == ~0)
+ return clib_error_return (0, "unknown interface `%U'",
+ format_unformat_error, input);
+
+ lm->tx_sw_if_has_ip_output_features =
+ clib_bitmap_set (lm->tx_sw_if_has_ip_output_features, sw_if_index, is_add);
+
+ return 0;
+}
+
+VLIB_CLI_COMMAND (set_interface_output_feature, static) = {
+ .path = "set interface output feature",
+ .function = set_interface_output_feature_command_fn,
+ .short_help = "set interface output feature <intfc>",
+};
+#endif /* TEST_CODE */